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CLAIMS 

L A method of au^entication and authorization support for Mobile IP version 6 
5 (MIPv6) in a CDMA system, characterized by transferring MIPv6-related information 
in an authentication protocol in an end-to-end procedure between a mobile node (10) in 
a visited network and a home network of the mobile node ovct an AAA infrastructure. 

2. The method of claim 1, wherein the authentication protocol is an extended 
1 0 authentication protocol. 

3. The method of claim 1, wherein the end-to-end procedure is executed between the 
mobile node (10) and an AAA server (34) in the home network. 

15 4. The method of claim 3, wherein the MIPv6-related information is transferred in 
the authentication protocol betwerai the mobile node (10) and the AAA home network 
server (34) via an internetworking access server (22) located in the visited network. 

5. The method of claim 4, wherein the internetworking access server (22) is a PDSN 
20 node 

6. The method of claim 4, wherein point-to-point communication between the mobile 
node (10) and the internetworking access server (22) is configured based on the CSD- 
PPP protocol. 

25 

7. The method of claim 1, wherein the MIPv6-related information comprises 
information selected from the group of MIPv6 authentication, authorization and 
configuration information. 

30 8. The method of claim 2, wherein the extended authentication protocol is an 
extended Extensible Authentication Protocol (EAP) and the MIPv6-related inforaiation 
is incorporated as additional data in the EAP protocol stack. 
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9. The method of claim 8, wherein the MIPv6-related infomiation is transferred as 
EAP attributes of the method layer in the EAP protocol stack. 

10. The method of claim 8, wherein the MIPv6-related information is transferred in a 
generic container attribute available for any EAP method. 

11. The method of claim 8, wherein the MIPv6-related information is transferred in a 
method-specific generic container attribute of the method layer in the EAP protocol 
stack. 

12. The method of claim 1, wherein the authentication protocol is carried by a protocol 
selected from the group of PANA, PPP, and CSD-PPP between the mobile node (10) 
and an intemetworking access server of the visited network. 

13. The method of claim 4, wherein the authentication protocol is carried by an AAA 
firamework protocol application between the intemetworking access server (22) of the 
visited network and the AAA server (34) in the home network. 

14. The method of claim 13, wherem the AAA firamework protocol application is 
selected from the group of Diameter, and RADIUS. 

15. The method of claim 1, wherein said method fiirther comprises the stqp of 
performing, for the pxirpose of MIPv6 hand-in, CHAP authentication between the 
mobile node and the home network. 

16. The method of claim 15, wherein said step of performing CHAP authentication 
comprises the step of using an authentication phase of PPP. 

17. The method of claim 1, wherein the MIPv6-related information is transferred over 
the AAA infrastructure for allocation of a home agent (36). 
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18. The method of claim 1, wherein the MIPv6-related inforaiation is transferred over 
the AAA infirastructure for establishing a MIPv6 secimty association between the 
mobile node (10) and a home agent (36). 

5 

19. The method of claim 1, wherein the MIPv6-related information is transferred over 
the AAA infrastructure for establishing a binding for the mobile node (10) in a home 
agent (36), 

10 20. The method of claim 4, wherein the intemetworking access server (22) offers the 
mobile node the possibility to use PPP or CSD-PPP by sending out a standard 
PPP/LCP packet and at least a PPP/EAP packet. 

21. The method of claim 20, wherem the mobile node opts for CSD-PPP using 
1 5 PPP/EAP, concurrently processing PPP/LCP. 

22. The method of claim 20, wherein the mobile node opts for PPP and processes 
PPP/LCP. 

20 23. The method of claim 20, wherein the intemetworking access server also sends out 
a PPP/CHAP packet together with the PPP/LCP and PPP/EAP packets. 

24. The method of claim 23, wherein the mobile node wants MIPv6 hand-in and opts 
for CSD-PPP using PPP/CHAP, concurrently processing PPP/LCP. 

25 

25. The method of claim 1, wherein assignment of a global IPv6 address is performed 
based on DHCP exchanges between the mobile node and the home network over the 
AAA infrastructure. 
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26. The method of claim 1, wherein IPv6 address configuration is performed based on 
the NCP (IPv6CP) phase of PPP for Interface-ID assignment, and IPv6 router 
solicitation/advertisement for obtaining the global prefix of the IPv6 address. 

5 27. A system for authentication and authorization, support for Mobile IP version 6 
(MIPv6) in a CDMA sj^tem, characterized by means for transferring MIPv6-related 
information in an authentication protocol in an end-to-end procedure between a mobile 
node (10) in a visited network and a home network of the mobile node over an AAA 
infrastructure. 

10 

28. The system of claim 27, wherein the authentication protocol is an extended 
authentication protocol. 

29. The system of claim 27, wherein the end-to-end procedure is between the mobile 
1 5 node (10) and an AAA server (34) in the home network. 

30. The system of claim 29, whwein the MIPv6-related information is transferred in 
the authentication protocol between the mobile node (10) and the AAA home network 
server (34) via an intemetworking access server (22) located in the visited network. 

20 

3 1 . The method of claim 30, wherein the intemetworking access server (22) is a PDSN 
node 

32. The system of claim 30, further comprising means for configuring point-to-point 
25 communication between the mobile node (10) and the intemetworking access server 

(22) based on the CSD-PPP protocol. 

33. The system of claim 27, wherein the MIPv6-related information comprises 
information selected firom the group of MIPv6 authentication, authorization and 

3 0 configuration information. 



wo 2004/112349 



48 



PCT/SE2004/000950 



34. The system of claim 28, wherein the extended authentication protocol is an 
extended Extensible Authentication Protocol (EAP) and the MIPv6-related information 
is incorporated as additional data in the EAP protocol stack. 

5 35. The system of claim 34, wherein said means for transferring MIPv6-related 
information comprises means for transferring the MIPv6-related information as EAP 
attributes of the method layer in the EAP protocol stack. 

36. The system of claim 34, wherein said means for transferring MIPv6-related 
10 information comprises means for transferring the MIPv6-related information in a 

generic container attribute available for any EAP method. 

37. The system of claim 34, wherein said means for transferring MIPv6-related 
information comprises means for transferring the MIPv6-related information in a 

15 method-specific generic container attribute of the method layer in the EAP protocol 
stack. 

38. The system of claim 27, wherein the authentication protocol is carried by a 
protocol selected from the group of PANA, PPP, and CSD-PPP between the mobile 

2 0 node (10) and an internetworking access server of the visited network. 

39. The system of claim 30, wherein the authentication protocol is carried by an AAA 
framework protocol application between the internetworking access server of the 
visited network and the AAA server (34) in the home network. 

25 

40. The system of claim 39, wherein the AAA framework protocol application is 
selected from the group of Diameter, and RADIUS. 

41. The system of claim 27, wherein said system ftirther comprises means for 
30 performing, for the purpose of MIPv6 hand-in, CHAP authentication between the 

mobile node and the home network. 
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42. The system of claim 41, wherein said means for performing CHAP authentication 
is operable for using an authentication phase of PPP. 

5 43. The sjratem of claim 27, wherein said means for transferring MIPv6-related 
information is operable for transferring the MIPv6-related information over the AAA 
infrastructure for allocation of a home agent (36). 

44. The system of claim 27, wherein said means for transferring MIPv6-related 
10 information is operable for transferring the MIPv6-related information ovct the AAA 

infrastructure for establishing a MIPv6 security association between the mobile node 
(10) and a home agent (36). 

45. The system of claim 27, wherein said means for transfomig MIPv6-related 
15 information is operable for transferring the MIPv6-related information over the AAA 

infrastructure for establishing a binding for the mobile node (10) in a home agent (36). 

46. The system of claim 30, wherein the intemetworking access server (22) is operable 
for offering the mobile node the possibility to use PPP or CSD-PPP by sending out a 

20 standard PPP/LCP packet and at least a PPP/EAP packet. 

47. The system of claim 46, wherein the mobile node is operable for selecting CSD- 
PPP using PPP/EAP, concurrentiy processing PPP/LCP. 

2 5 48. The system of claim 46, wherein the mobile node is operable for selecting PPP and 
processing PPP/LCP. 

49. The system of claim 46, wherein the intemetworking access server is operable for 
sending out a PPP/CHAP packet together with the PPP/LCP and PPP/EAP packets. 
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50. The system of claim 49, wherein the mobile node, wanting MIPv6 hand-in, is 
operable for selecting CSD-PPP using PPP/CHAP, concurrently processing PPP/LCP. 

51. The system of claim 27, further comprising means for assignment of a global IPv6 
5 address based on DHCP exchanges between the mobile node and the home network 

over the AAA in£rastructure. 

52. The system of claim 27, further comprising means for IP address configuration 
based on the NCP (IPv6CP) phase of PPP for Interface-ID assignment, and IPv6 router 

1 0 solicitation/advertisement for obtaining the global prefix of the IPv6 address. 

53. A system for Mobile IP version 6 (MIPv6) hand-in within a CDMA framework, 
characterized by means for performing CHAP authentication between a mobile node 
(10) in a visited network and an AAA server in a home network of the mobile node 

1 5 over an AAA infrastructure. 

54. An AAA home network server (34) for authentication and authorization support for 
Mobile IP version 6 (MIPv6) in a CDMA system, characterized by 

means for assigning a home agent (36) to a mobile node (10); and 
20 means for distributing credential-related data for security association 

establishment between the mobile node and the home agent to the mobile node and the 
home agent, respectively. 

55. The server of claim 54, characterized by means for assigning a home address to the 
2 5 mobile node (10). 

56. The server of claim 55, characterized by means for configuring the home address of 
the mobile node (10) using the roimdtrips of a selected EAP procedure. 
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57. The server of claim 55, characterized by means for transferring the home address of 
the mobile node (10) to the hoine agent (36) using an AAA framework protocol 
application. 
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AMENDED CLAIMS 
[Received by the Intemational Bureau on 23 Nov 2004 (23.1 1.04); 
original claims 1-57 has been replaced by amended claims 1,3,7,827,39,33 
the remaining claims is unchanged..] 

1. A method of authentication and authorization support for Mobile IF version 6 
(MIPv6) in a CDMA system, characterized by transferring, between a mobile node 
(10) in a visited network and a home network of the mobile node, MIPv6-related 
authentication and authorization information in an authentication protocol in an end-to- 
end procedure transparent to the visited network over an AAA infrastructure. 

2. The method of claim 1, wherein the authentication protocol is an extended 
authentication protocol. 

3. The method of claim 1, wherein the end-to-end procedure is executed between the 
mobile node (10) and an AAA server (34) in the home network, and nodes in the 
visited network act as mere pass-through agents in the end-to-end procedure. 

4. The method of claim 3, wherein the MIPv6-related information is transferred in 
the authentication protocol between the mobile node (10) and the AAA home network 
server (34) via an internetworking access server (22) located in the visited network. 

5. The method of claim 4, wherein the internetworking access server (22) is a PDSN 
node 

6. The method of claim 4, wherein point-to-point communication between the mobile 
node (10) and the internetworking access server (22) is configured based on the CSD- 
PPP protocol. 

7. The method of claim 1, wherein the MIPv6-related information also comprises 
MIPv6 configuration information. 

8. The method of claim 2, wherein the extended authentication protocol is an 
extended Extensible Authentication Protocol (EAP) and the MIPv6-related 
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aufhentication and authorization infoimation is incoiporated as additional data in the 
EAP protocol stack. 

9. The method of claim 8, wherein the MIPv6-related information is transferred as 
EAP attributes of the method layer in the EAP protocol stack. 

10. The method of claim 8, wherein the MIPv6-related information is transferred in a 
generic container attribute available for any EAP method. 

11. The method of claim 8, wherein the MIPv6-related information is transferred in a 
method-specific generic container attribute of the method layer in the EAP protocol 
stack. 

12. The method of claim 1, wherein the authentication protocol is carried by a protocol 
selected from flie group of PANA, PPP, and CSD-PPP between the mobile node (10) 
and an internetworking access server of the visited network. 

13. The method of claim 4, wherein tihie authentication protocol is carried by an AAA 
framework protocol application between the intemetworking access server (22) of the 
visited network and the AAA server (34) in the home network. 

14. The method of claim 13, wherein the AAA framework protocol application is 
selected from the group of Diameter, and RADIUS. 

15. The method of claim 1, wherein said method ftirther comprises the step of 
performing, for the purpose of MIPv6 hand-in, CHAP authentication between the 
mobile node and the home network. 

16. The method of claim 15, wherein said step of performing CHAP authentication 
comprises the step of using an authentication phase of PPP. 
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17. The method of claim 1, wherein the MIPv6-related infomiation is transferred over 
the AAA infiBStructure for allocation of a home agent (36). 

18. The method of claim 1, wherein the MIPv6-related information is transferred over 
the AAA infrastructure for establishing a MIPv6 security association between the 
mobile node (10) and a home agent (36). 

19. The method of claim 1, wherein the MIPv6-related information is transferred over 
the AAA infrastructure for establishing a binding for the mobile node (10) in a home 
agent (36). 

20. The method of claim 4, wherein the internetworking access server (22) offers the 
mobile node the possibility to use PPP or CSD-PPP by sending out a standard 
PPP/LCP packet and at least a PPP/EAP packet. 

21. The method of claim 20, wherein the mobile node opts for CSD-PPP using 
PPP/EAP, concurrently processing PPP/LCP. 

22. The method of claim 20, wherein the mobile node opts for PPP and processes 
PPP/LCP. 

23. The method of claim 20, wherein the internetworking access server also sends out 
a PPP/CHAP packet together with the PPP/LCP and PPP/EAP packets. 

24. The method of claim 23, wherein the mobile node wants MIPv6 hand-in and opts 
for CSD-PPP using PPP/CHAP, concurrently processing PPP/LCP. 

25. The method of claim 1, wherein assignment of a global IPv6 address is performed 
based on DHCP exchanges between the mobile node and the home network over the 
AAA infrastructure. 
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26. The method of claim 1, wherem IPv6 address coBfigiuration is perfomied based on 
the NCP (IPv6CP) phase of PPP for Interface-ID assignment, and IPv6 router 
solicitation/advertisement for obtaining the global prefix of the IPv6 address. 

5 27. A system for authentication and authorization support for Mobile IP version 6 
(MIPv6) in a CDMA system, characterized by means for transferring, between a 
mobile node (10) in a visited network and a home network of the mobile node, MIPv6- 
related authentication and authorization information in an authentication protocol in an 
end-to-end procedure transparent to the visited network over an AAA infirastructure. 

10 

28. The system of claim 27, wherein the authentication protocol is an extended 
authentication protocol. 

29. The system of claim 27, wherein the end-to-end procedure is between the mobile 
15 node (10) and an AAA server (34) in the home network, and nodes in the visited 

network act as mere pass-through agents in the end-to-end procedure. 

30. The system of claim 29, wherein the MIPv6-related information is transferred in 
the authentication protocol between the mobile node (10) and the AAA home network 

2 0 server (34) via an intemetworking access server (22) located in the visited network. 

3 1 . The method of claim 30, wherein the intemetworking access server (22) is a PDSN 
node 

25 32. The system of claim 30, further comprising means for configuring point-to-point 
communication between the mobile node (10) and the intemetworking access server 
(22) based on the CSD-PPP protocol. 

33. The system of claim 27, wherein the MIPv6-related information also comprises 

3 0 MIPv6 configuration information. 
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34. The system of claim 28, wherein the extended authentication protocol is an 
extended Extensible Authentication Protocol (EAP) and the MIPv6-related 
autiientication and authorization information is incorporated as additional data in the 
EAP protocol stack. 

5 

35. The system of claim 34, wherein said means for transferring MIPv6-related 
information comprises means for transferring the MIPv6-ielated information as EAP 
attributes of the method layer in the EAP protocol stack. 

10 36. The system of claun 34, wherem said means for transferring MIPv6-related 
information comprises means for transferring the MIPv6-related infonnation in a 
generic container attribute available for any EAP method. 

37. The system of claim 34, wherein said means for transferring MIPv6-related 
15 information comprises means for transferring the MIPv6-related information in a 

method-specific generic container attribute of the method layer in the EAP protocol 
stack. 

38. The system of claim 27, wherein the authentication i>rotocol is carried by a 
20 protocol selected jfrom the group of PANA, PPP, and CSD-PPP between the mobile 

node (10) and an internetworking access server of the visited network. 

39. The system of claim 30, wherein the authentication protocol is carried by an AAA 
framework protocol application between the internetworking access server of the 

2 5 visited network and the AAA server (34) in the home network. 

40. The system of claim 39, wherein the AAA framework protocol appUcation is 
selected from the group of Diameter, and RADIUS. 



AMENDED SHEET (ARTICLE 19) 



wo 2004/1 12349 PCT/SE2004/000950 

57 

41. The system of claim 27, wherein said system further comprises means for 
performing, for the purpose of MIPv6 hand-in, CHAP authentication between the 
mobile node and the home network, 

5 42. The system of claim 41, wherein said means for performing CHAP authentication 
is operable for using an authentication phase of PPP. 

43. The system of claim 27, wherein said means for transferring MIPv6-related 
information is operable for transferring the MIPv6-related information over the AAA 

1 0 infrastructure for allocation of a home agent (36). 

44. The system of claim 27, wherein said means for transferring MIPv6-related 
information is operable for transferring the MIPv6-related mformation over the AAA 
infrastmcture for establishing a MIPv6 security association between the mobile node 

15 (10) and a home agent (36). 

45. The system of claim 27, wherein said means for transferring MIPv6-related 
information is operable for transferring the MIPv6-related information over the AAA 
infrastructure for establishing a binding for the mobile node (10) in a home agent (36). 

20 

46. The system of claim 30, wherein the internetworking access server (22) is operable 
for offering the mobile node the possibility to use PPP or CSD-PPP by sending out a 
standard PPP/LCP packet and at least a PPP/EAP packet 

25 47. The system of claim 46, wherein the mobile node is operable for selecting CSD- 
PPP using PPP/EAP, concurrently processing PPP/LCP. 

48. The system of claim 46, wherein the mobile node is operable for selecting PPP and 
processing PPP/LCP. 

30 
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49. The system of claim 46, wherein the intemetworldng access server is operable for 
sendmg out a PPP/CHAP packet together with the PPP/LCP and PPP/EAP packets. 

50. The system of claim 49, wherein the mobile node, wanting MIPv6 hand-in, is 
5 operable for selectmg CSD-PPP using PPP/CHAP, concurrently processing PPP/LCP, 

51. The system of claim 27, further comprising means for assignment of a global IPv6 
address based on DHCP exchanges between the mobile node and the home network 
over the AAA infrastructure. 

10 

52. The system of claim 27, further comprising means for IP address configuration 
based on the NCP (IPv6CP) phase of PPP for Interface-ID assigmnent, and IPv6 router 
solicitation/advertisement for obtaining the global prefix of the IPv6 address. 

15 53. A system for Mobile IP version 6 (MIPv6) hand-in within a CDMA framework, 
characterized by means for performing CHAP authentication between a mobile node 
(10) in a visited network and an AAA server in a home network of the mobile node 
over an AAA infrastructure. 

20 54. An AAA home network server (34) for authentication and authorization support for 
Mobile IP version 6 (MIPv6) in a CDMA system, characterized by 
means for assigning a home agent (36) to a mobile node (10); and 
means for distributing credential-related data for security association 
establishment between the mobile node and the home agent to the mobile node and the 

2 5 home agent, respectively. 

55. The server of claim 54, characterized by means for assigning a home address to the 
mobile node (10). 

3 0 56. The server of claim 55, characterized by means for configuring the home address of 

the mobile node (10) using the roundtrips of a selected EAP procedure. 
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57. The server of claim 55, characterized by means for transferring the home address of 
the mobile node (10) to the home agent (36) using an AAA framework protocol 
application. 
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